Re: CertificationMagazine - Blind SQL Injection Vulnerability

[Tomy <support () vs-db info>]

Hi Vulnerability-Copy-Paste-Leech-LAB

You are funny KIDS Vulnerability-Lab

Let's clear something

HISTORY:
1. You had posted first 1 year old BUG - leeched from MY VULNERABLE Sites DATABASE
2. i have sent you info / full disclosure that it was very OLD BUG - reported YEAR ago. (this wasn’t an attack!)
3. You have posted second 1.5 Year old BUG
4. i have sent you info / full disclosure that it was OLD BUG reported may 2010 (this wasn’t attack)
5. ATTACK FROM Vulnerability-LAB - 100% lies and fabricated stories in order to discredit me and my friends from 
Ariko-Security. 

You don’t understand simple english – I am not ariko-security member – here is  this sentence in German:  
Ich bin nicht in einer Gruppe Ariko-Security

You smoke too much:
1.
" then records of the databases that u dumped... because of the fact that you guys hack illegal into web-servers and 
dump the databases and do not notify the vendor."  YEAH LOL 
2. 
"Some weeks ago another AS member asked us ...  why we do not work with you guys (vs-db.info & AS)? He also asked us 
multiple times for selling the dumps of hacked databases!?" nice children's imagination 
3.
"Also if you view in context what we do vs what you do there is no way we want to work with you." LOL AGAIN ,

some facts:
ID: 26 845 6056 2 - IHK - 34125 Kassel (Germany) - Evolution Security - fake company - NOT REGISTERED IN GERMANY , NO 
VAT ID 
5.
DevSec  - nice empty web page – also fake company – no VAT ID in netherlands
Welkom op devsec.nl 

Please DO NOT SPAM MORE FD, if You want something from ME simply mail me.

Tomy / Vulnerable Sites Database



Wiadomość napisana przez research () vulnerability-lab com w dniu 23 gru 2011, o godz. 17:57:

> Hi Tomy,
> After you wrote us now the second e-mail we want to make something very clear to u and everyone @ vs-db.info & 
> ariko-security
>
> 1. Your website is serves no point other then records of the databases that u dumped... because of the fact that you 
> guys hack illegal into web-servers and dump the databases and do not notify the vendor.
> You guys tell the researchers around you that you do some security stuff ... i think you guys are just fucking 
> criminals. Thats why nobody respects the work you do anywhere.
>
> 2. Some weeks ago another ariko-security member asked us ...  why we do not work with you guys (vs-db.info & 
> ariko-security)? He also asked us multiple times for selling the dumps of hacked databases!?
> To answer that once more we are not interested in selling stolen information as said many times before. 
> Why ?!  Mainly due the fact that this is a criminal offence. 
> And so a no go in our vision for the future of vulnerability-lab.com
>
> 3. Also if you view in context what we do vs what you do there is no way we want to work with you.
> We
> - Inform vendors
> - Verify vulnerabilities/bugs to ensure validity
> - Disclosure after contact with vendor or after multiple tries to contact the vendor
> - Discolsure policy
> - Try to protect vendors and customers of those vendors
>
> You
> - Dont inform vendor
> - No Discolsure policy
> - No verfication other then a picture
> - Selling of illegally dumped databases/information to make money
>
> 4. If so that you say that you are all that good an you are so awsome in what you do why is a 1.5 year old bug (if 
> this infact true) still unpatched when we found it!?
> Sounds to me that u dumped the database then probably sold it off and then forgot all about it. Instead of contacting 
> the vendor/webmaster etc.
> So clearly you have no idea of what working in security is about. Your are only trying to rape the benefits of a 
> trick that you know.
>
> I hope that you see this as a wake up call and warning as next time we might not be as friendly.
>
> Best Regards,
> The Vulnerability-lab Team.
>
>
>
> Am 23.12.2011 11:32, schrieb Tomy:
> > http://www.vs-db.info/?p=593
> >
> > MAY 2010 - Nice that you can find 1.5 YEARS old hole LOL!
> >
> > Tomy
> >
> > Wiadomość napisana przez research () vulnerability-lab com w dniu 20 gru 2011, o godz. 17:08:
> >
> > > http://www.certmag.com/
> >
> > Tomy
> > support () vs-db info
>
>
> -- 
> Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
> Contact: admin () vulnerability-lab com or support () vulnerability-lab com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Tomy
support () vs-db info



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/